// Copyright 2011 The Go Authors. All rights reserved. // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. // TODO(rsc): // More precise error handling. // Presence functionality. // TODO(mattn): // Add proxy authentication. // Package xmpp implements a simple Google Talk client // using the XMPP protocol described in RFC 3920 and RFC 3921. package xmpp import ( "bufio" "bytes" "crypto/md5" "crypto/rand" "crypto/tls" "encoding/base64" "encoding/binary" "encoding/xml" "errors" "fmt" "io" "math/big" "net" "net/http" "net/url" "os" "strings" ) const ( nsStream = "http://etherx.jabber.org/streams" nsTLS = "urn:ietf:params:xml:ns:xmpp-tls" nsSASL = "urn:ietf:params:xml:ns:xmpp-sasl" nsBind = "urn:ietf:params:xml:ns:xmpp-bind" nsClient = "jabber:client" NsSession = "urn:ietf:params:xml:ns:xmpp-session" ) var DefaultConfig tls.Config type Cookie uint64 func getCookie() Cookie { var buf [8]byte if _, err := rand.Reader.Read(buf[:]); err != nil { panic("Failed to read random bytes: " + err.Error()) } return Cookie(binary.LittleEndian.Uint64(buf[:])) } type Client struct { conn net.Conn // connection to server jid string // Jabber ID for our connection domain string p *xml.Decoder } func connect(host, user, passwd string) (net.Conn, error) { addr := host if strings.TrimSpace(host) == "" { a := strings.SplitN(user, "@", 2) if len(a) == 2 { host = a[1] } } a := strings.SplitN(host, ":", 2) if len(a) == 1 { host += ":5222" } proxy := os.Getenv("HTTP_PROXY") if proxy == "" { proxy = os.Getenv("http_proxy") } if proxy != "" { url, err := url.Parse(proxy) if err == nil { addr = url.Host } } c, err := net.Dial("tcp", addr) if err != nil { return nil, err } if proxy != "" { fmt.Fprintf(c, "CONNECT %s HTTP/1.1\r\n", host) fmt.Fprintf(c, "Host: %s\r\n", host) fmt.Fprintf(c, "\r\n") br := bufio.NewReader(c) req, _ := http.NewRequest("CONNECT", host, nil) resp, err := http.ReadResponse(br, req) if err != nil { return nil, err } if resp.StatusCode != 200 { f := strings.SplitN(resp.Status, " ", 2) return nil, errors.New(f[1]) } } return c, nil } // Options are used to specify additional options for new clients, such as a Resource. type Options struct { // Host specifies what host to connect to, as either "hostname" or "hostname:port" // If host is not specified, the DNS SRV should be used to find the host from the domainpart of the JID. // Default the port to 5222. Host string // User specifies what user to authenticate to the remote server. User string // Password supplies the password to use for authentication with the remote server. Password string // Resource specifies an XMPP client resource, like "bot", instead of accepting one // from the server. Use "" to let the server generate one for your client. Resource string // TLS Config TLSConfig *tls.Config // NoTLS disables TLS and specifies that a plain old unencrypted TCP connection should // be used. NoTLS bool // Debug output Debug bool // Use server sessions Session bool // Presence Status Status string // Status message StatusMessage string } // NewClient establishes a new Client connection based on a set of Options. func (o Options) NewClient() (*Client, error) { host := o.Host c, err := connect(host, o.User, o.Password) if err != nil { return nil, err } client := new(Client) if o.NoTLS { client.conn = c } else { var tlsconn *tls.Conn if o.TLSConfig != nil { tlsconn = tls.Client(c, o.TLSConfig) } else { tlsconn = tls.Client(c, &DefaultConfig) } if err = tlsconn.Handshake(); err != nil { return nil, err } if strings.LastIndex(o.Host, ":") > 0 { host = host[:strings.LastIndex(o.Host, ":")] } if err = tlsconn.VerifyHostname(host); err != nil { return nil, err } client.conn = tlsconn } if err := client.init(&o); err != nil { client.Close() return nil, err } return client, nil } // NewClient creates a new connection to a host given as "hostname" or "hostname:port". // If host is not specified, the DNS SRV should be used to find the host from the domainpart of the JID. // Default the port to 5222. func NewClient(host, user, passwd string, debug bool) (*Client, error) { opts := Options{ Host: host, User: user, Password: passwd, Debug: debug, Session: false, } return opts.NewClient() } func NewClientNoTLS(host, user, passwd string, debug bool) (*Client, error) { opts := Options{ Host: host, User: user, Password: passwd, NoTLS: true, Debug: debug, Session: false, } return opts.NewClient() } func (c *Client) Close() error { return c.conn.Close() } func saslDigestResponse(username, realm, passwd, nonce, cnonceStr, authenticate, digestUri, nonceCountStr string) string { h := func(text string) []byte { h := md5.New() h.Write([]byte(text)) return h.Sum(nil) } hex := func(bytes []byte) string { return fmt.Sprintf("%x", bytes) } kd := func(secret, data string) []byte { return h(secret + ":" + data) } a1 := string(h(username+":"+realm+":"+passwd)) + ":" + nonce + ":" + cnonceStr a2 := authenticate + ":" + digestUri response := hex(kd(hex(h(a1)), nonce+":"+ nonceCountStr+":"+cnonceStr+":auth:"+ hex(h(a2)))) return response } func cnonce() string { randSize := big.NewInt(0) randSize.Lsh(big.NewInt(1), 64) cn, err := rand.Int(rand.Reader, randSize) if err != nil { return "" } return fmt.Sprintf("%016x", cn) } func (c *Client) init(o *Options) error { c.p = xml.NewDecoder(c.conn) // For debugging: the following causes the plaintext of the connection to be duplicated to stdout. if o.Debug { c.p = xml.NewDecoder(tee{c.conn, os.Stdout}) } a := strings.SplitN(o.User, "@", 2) if len(a) != 2 { return errors.New("xmpp: invalid username (want user@domain): " + o.User) } domain := a[1] // Declare intent to be a jabber client. fmt.Fprintf(c.conn, "\n"+ "\n", xmlEscape(domain), nsClient, nsStream) // Server should respond with a stream opening. se, err := nextStart(c.p) if err != nil { return err } if se.Name.Space != nsStream || se.Name.Local != "stream" { return errors.New("xmpp: expected but got <" + se.Name.Local + "> in " + se.Name.Space) } // Now we're in the stream and can use Unmarshal. // Next message should be to tell us authentication options. // See section 4.6 in RFC 3920. var f streamFeatures if err = c.p.DecodeElement(&f, nil); err != nil { return errors.New("unmarshal : " + err.Error()) } mechanism := "" for _, m := range f.Mechanisms.Mechanism { if m == "ANONYMOUS" { mechanism = m fmt.Fprintf(c.conn, "\n", nsSASL) break } a := strings.SplitN(o.User, "@", 2) if len(a) != 2 { return errors.New("xmpp: invalid username (want user@domain): " + o.User) } user := a[0] domain := a[1] if m == "PLAIN" { mechanism = m // Plain authentication: send base64-encoded \x00 user \x00 password. raw := "\x00" + user + "\x00" + o.Password enc := make([]byte, base64.StdEncoding.EncodedLen(len(raw))) base64.StdEncoding.Encode(enc, []byte(raw)) fmt.Fprintf(c.conn, "%s\n", nsSASL, enc) break } if m == "DIGEST-MD5" { mechanism = m // Digest-MD5 authentication fmt.Fprintf(c.conn, "\n", nsSASL) var ch saslChallenge if err = c.p.DecodeElement(&ch, nil); err != nil { return errors.New("unmarshal : " + err.Error()) } b, err := base64.StdEncoding.DecodeString(string(ch)) if err != nil { return err } tokens := map[string]string{} for _, token := range strings.Split(string(b), ",") { kv := strings.SplitN(strings.TrimSpace(token), "=", 2) if len(kv) == 2 { if kv[1][0] == '"' && kv[1][len(kv[1])-1] == '"' { kv[1] = kv[1][1 : len(kv[1])-1] } tokens[kv[0]] = kv[1] } } realm, _ := tokens["realm"] nonce, _ := tokens["nonce"] qop, _ := tokens["qop"] charset, _ := tokens["charset"] cnonceStr := cnonce() digestUri := "xmpp/" + domain nonceCount := fmt.Sprintf("%08x", 1) digest := saslDigestResponse(user, realm, o.Password, nonce, cnonceStr, "AUTHENTICATE", digestUri, nonceCount) message := "username=\"" + user + "\", realm=\"" + realm + "\", nonce=\"" + nonce + "\", cnonce=\"" + cnonceStr + "\", nc=" + nonceCount + ", qop=" + qop + ", digest-uri=\"" + digestUri + "\", response=" + digest + ", charset=" + charset fmt.Fprintf(c.conn, "%s\n", nsSASL, base64.StdEncoding.EncodeToString([]byte(message))) var rspauth saslRspAuth if err = c.p.DecodeElement(&rspauth, nil); err != nil { return errors.New("unmarshal : " + err.Error()) } b, err = base64.StdEncoding.DecodeString(string(rspauth)) if err != nil { return err } fmt.Fprintf(c.conn, "\n", nsSASL) break } } if mechanism == "" { return errors.New(fmt.Sprintf("PLAIN authentication is not an option: %v", f.Mechanisms.Mechanism)) } // Next message should be either success or failure. name, val, err := next(c.p) if err != nil { return err } switch v := val.(type) { case *saslSuccess: case *saslFailure: // v.Any is type of sub-element in failure, // which gives a description of what failed. return errors.New("auth failure: " + v.Any.Local) default: return errors.New("expected or , got <" + name.Local + "> in " + name.Space) } // Now that we're authenticated, we're supposed to start the stream over again. // Declare intent to be a jabber client. fmt.Fprintf(c.conn, "\n", xmlEscape(domain), nsClient, nsStream) // Here comes another and . se, err = nextStart(c.p) if err != nil { return err } if se.Name.Space != nsStream || se.Name.Local != "stream" { return errors.New("expected , got <" + se.Name.Local + "> in " + se.Name.Space) } if err = c.p.DecodeElement(&f, nil); err != nil { // TODO: often stream stop. //return errors.New("unmarshal : " + err.Error()) } //Generate uniq cookie cookie := getCookie() // Send IQ message asking to bind to the local user name. if o.Resource == "" { fmt.Fprintf(c.conn, "\n", cookie, nsBind) } else { fmt.Fprintf(c.conn, "%s\n", cookie, nsBind, o.Resource) } var iq clientIQ if err = c.p.DecodeElement(&iq, nil); err != nil { return errors.New("unmarshal : " + err.Error()) } if &iq.Bind == nil { return errors.New(" result missing ") } c.jid = iq.Bind.Jid // our local id if o.Session { //if server support session, open it fmt.Fprintf(c.conn, "", xmlEscape(domain), cookie, NsSession) } // We're connected and can now receive and send messages. fmt.Fprintf(c.conn, "%s%s", o.Status, o.StatusMessage) return nil } type Chat struct { Remote string Type string Text string Other []string } type Presence struct { From string To string Type string Show string } // Recv wait next token of chat. func (c *Client) Recv() (event interface{}, err error) { for { _, val, err := next(c.p) if err != nil { return Chat{}, err } switch v := val.(type) { case *clientMessage: return Chat{v.From, v.Type, v.Body, v.Other}, nil case *clientPresence: return Presence{v.From, v.To, v.Type, v.Show}, nil } } panic("unreachable") } // Send sends message text. func (c *Client) Send(chat Chat) { fmt.Fprintf(c.conn, ""+ "%s", xmlEscape(chat.Remote), xmlEscape(chat.Type), xmlEscape(chat.Text)) } // Send origin func (c *Client) SendOrg(org string) { fmt.Fprint(c.conn, org) } // RFC 3920 C.1 Streams name space type streamFeatures struct { XMLName xml.Name `xml:"http://etherx.jabber.org/streams features"` StartTLS tlsStartTLS Mechanisms saslMechanisms Bind bindBind Session bool } type streamError struct { XMLName xml.Name `xml:"http://etherx.jabber.org/streams error"` Any xml.Name Text string } // RFC 3920 C.3 TLS name space type tlsStartTLS struct { XMLName xml.Name `xml:":ietf:params:xml:ns:xmpp-tls starttls"` Required bool } type tlsProceed struct { XMLName xml.Name `xml:"urn:ietf:params:xml:ns:xmpp-tls proceed"` } type tlsFailure struct { XMLName xml.Name `xml:"urn:ietf:params:xml:ns:xmpp-tls failure"` } // RFC 3920 C.4 SASL name space type saslMechanisms struct { XMLName xml.Name `xml:"urn:ietf:params:xml:ns:xmpp-sasl mechanisms"` Mechanism []string `xml:"mechanism"` } type saslAuth struct { XMLName xml.Name `xml:"urn:ietf:params:xml:ns:xmpp-sasl auth"` Mechanism string `xml:",attr"` } type saslChallenge string type saslRspAuth string type saslResponse string type saslAbort struct { XMLName xml.Name `xml:"urn:ietf:params:xml:ns:xmpp-sasl abort"` } type saslSuccess struct { XMLName xml.Name `xml:"urn:ietf:params:xml:ns:xmpp-sasl success"` } type saslFailure struct { XMLName xml.Name `xml:"urn:ietf:params:xml:ns:xmpp-sasl failure"` Any xml.Name } // RFC 3920 C.5 Resource binding name space type bindBind struct { XMLName xml.Name `xml:"urn:ietf:params:xml:ns:xmpp-bind bind"` Resource string Jid string `xml:"jid"` } // RFC 3921 B.1 jabber:client type clientMessage struct { XMLName xml.Name `xml:"jabber:client message"` From string `xml:"from,attr"` Id string `xml:"id,attr"` To string `xml:"to,attr"` Type string `xml:"type,attr"` // chat, error, groupchat, headline, or normal // These should technically be []clientText, // but string is much more convenient. Subject string `xml:"subject"` Body string `xml:"body"` Thread string `xml:"thread"` // Any hasn't matched element Other []string `xml:",any"` } type clientText struct { Lang string `xml:",attr"` Body string `xml:"chardata"` } type clientPresence struct { XMLName xml.Name `xml:"jabber:client presence"` From string `xml:"from,attr"` Id string `xml:"id,attr"` To string `xml:"to,attr"` Type string `xml:"type,attr"` // error, probe, subscribe, subscribed, unavailable, unsubscribe, unsubscribed Lang string `xml:"lang,attr"` Show string `xml:"show"` // away, chat, dnd, xa Status string `xml:"status,attr"` // sb []clientText Priority string `xml:"priority,attr"` Error *clientError } type clientIQ struct { // info/query XMLName xml.Name `xml:"jabber:client iq"` From string `xml:",attr"` Id string `xml:",attr"` To string `xml:",attr"` Type string `xml:",attr"` // error, get, result, set Error clientError Bind bindBind } type clientError struct { XMLName xml.Name `xml:"jabber:client error"` Code string `xml:",attr"` Type string `xml:",attr"` Any xml.Name Text string } // Scan XML token stream to find next StartElement. func nextStart(p *xml.Decoder) (xml.StartElement, error) { for { t, err := p.Token() if err != nil && err != io.EOF { return xml.StartElement{}, err } switch t := t.(type) { case xml.StartElement: return t, nil } } panic("unreachable") } // Scan XML token stream for next element and save into val. // If val == nil, allocate new element based on proto map. // Either way, return val. func next(p *xml.Decoder) (xml.Name, interface{}, error) { // Read start element to find out what type we want. se, err := nextStart(p) if err != nil { return xml.Name{}, nil, err } // Put it in an interface and allocate one. var nv interface{} switch se.Name.Space + " " + se.Name.Local { case nsStream + " features": nv = &streamFeatures{} case nsStream + " error": nv = &streamError{} case nsTLS + " starttls": nv = &tlsStartTLS{} case nsTLS + " proceed": nv = &tlsProceed{} case nsTLS + " failure": nv = &tlsFailure{} case nsSASL + " mechanisms": nv = &saslMechanisms{} case nsSASL + " challenge": nv = "" case nsSASL + " response": nv = "" case nsSASL + " abort": nv = &saslAbort{} case nsSASL + " success": nv = &saslSuccess{} case nsSASL + " failure": nv = &saslFailure{} case nsBind + " bind": nv = &bindBind{} case nsClient + " message": nv = &clientMessage{} case nsClient + " presence": nv = &clientPresence{} case nsClient + " iq": nv = &clientIQ{} case nsClient + " error": nv = &clientError{} default: return xml.Name{}, nil, errors.New("unexpected XMPP message " + se.Name.Space + " <" + se.Name.Local + "/>") } // Unmarshal into that storage. if err = p.DecodeElement(nv, &se); err != nil { return xml.Name{}, nil, err } return se.Name, nv, err } var xmlSpecial = map[byte]string{ '<': "<", '>': ">", '"': """, '\'': "'", '&': "&", } func xmlEscape(s string) string { var b bytes.Buffer for i := 0; i < len(s); i++ { c := s[i] if s, ok := xmlSpecial[c]; ok { b.WriteString(s) } else { b.WriteByte(c) } } return b.String() } type tee struct { r io.Reader w io.Writer } func (t tee) Read(p []byte) (n int, err error) { n, err = t.r.Read(p) if n > 0 { t.w.Write(p[0:n]) t.w.Write([]byte("\n")) } return }